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DETAILED ACTION 

1 . Claims 1-27 are pending. 

Response to Amendment 

2. In response to the amendment filed 1 -1 7-09: 

a. The objections to claims 1 , 1 7 & 1 8 are withdrawn; and, 

b. The rejection of claim 26 under 35 USC 1 12, 2d paragraph is withdrawn. 

Response to Arguments 

3. Applicant's arguments filed 1-17-09 have been fully considered but they are not 
persuasive. In regards to Applicant's argument that Linnakangas only teaches a secure 
connection between host 4 and router 2, and does not teach a secure connection 
between host 5 and router 2. Linnakangas teaches that a virtual private network is 
established to provide secure communications between host 4 and host 5, via router 2 
(See par. 24, 4-8). Thus, a secure connection is provided between host 5 and router 2. 

4. Regarding Applicant's argument that Linnakangas delivers "plain text" from the 
router 2 to the host 5. The Examiner has fully reviewed Linnakangas and found no 
teaching in the reference supporting this assertion. 

Claim Rejections - 35 USC § 102 

The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 
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A person shall be entitled to a patent unless - 

(e) the invention was described in (1 ) an application for patent, published under section 1 22(b), by 
another filed in the United States before the invention by the applicant for patent or (2) a patent 
granted on an application for patent by another filed in the United States before the invention by the 
applicant for patent, except that an international application filed under the treaty defined in section 
351(a) shall have the effects for purposes of this subsection of an application filed in the United States 
only if the international application designated the United States and was published under Article 21 (2) 
of such treaty in the English language. 

1. Claims 1-5, 7-10, 22-24, 26 & 27 are rejected under 35 U.S.C. 102(e) as being 
anticipated by U.S. Patent Application Publication No. 2001/0047487 to Linnakangas, et 
al. (Linnakangas). 

2. Regarding claim 1 , Linnakangas teaches a method for secure forwarding of a 
message from a first computer to a second computer via an intermediate computer in a 
telecommunication network(See paragraph 24, lines 4-8; wherein the local host 5 is the 
first computer, remote host 4 is the second computer, and router 2 is the intermediate 
computer), comprising: establishing a secure connection between the first computer and 
the second computer via the intermediate computer (See par. 24, lines 4-1 1 ; wherein 
message formation is inherent in "communication" and "exchanging user generated 
traffic"), in the first computer, forming a secure message by giving the secure message 
a first unique identity and a first destination address to the intermediate computer (See 
par's 4 & 24; wherein the SPI is the unique identity, and the header inherently includes 
the destination address), sending the secure message from the first computer to the 
intermediate computer (See par. 24, lines 4-6), the intermediate computer receiving the 
secure message and performing a translation by using the first unique identity to find a 
second destination address to the second computer, (See par.'s 4 & 24; wherein a 
router that is able to perform IPSec and IKE translation, inherently includes a translation 
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table), the intermediate computer substituting the first destination address with the 
second destination address to the second computer (See par.'s 4 & 24; wherein 
address substitution is a standard part of IPSec processing and IKE translation), the 
intermediate computer substituting the first unique identity with a second unique identity, 
(See par.'s 4 & 24; wherein generating and substituting SPI's is a standard part of 
IPSec processing and IKE translation), and the intermediate computer forwarding the 
secure message with the second destination address and the second unique identity to 
the second computer (See par. 24, line 11). 

3. Regarding claim 2, Linnakangas discloses forming the secure message in step b) 
by using an IPSec connection between the first computer and the second computer 
(See par. 24, lines 4-7). 

4. Regarding claim 3, Linnakangas discloses performing a secure forwarding of the 
message by making use of SSL or TLS protocols (See par. 24, lines 4-7; wherein using 
a secure socket layer (SSL) is inherent in IPSec). 

5. Regarding claim 4, Linnakangas discloses manually performing a preceding 
distribution of keys to components for forming the IPSec connection (See par. 40, lines 
8-12; wherein manual distribution occurs when the IKE module is responding to a 
request). 

6. Regarding claim 5, Linnakangas discloses performing a preceding distribution of 
keys for forming the IPSec connection by an automated key exchange protocol (See 
par. 40, lines 8-12; wherein automated key exchange occurs when the IKE module 
initiates negotiations). 
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7. Regarding claim 7, Linnakangas teaches sending tlie message that is sent from 
the first computer as a packet that contains message data, an inner IP header 
containing the actual sender and receiver addresses, an outer IP header containing the 
addresses of the first computer and the intermediate computer (See par. 3, lines 1-6). 

8. Regarding claim 8, Linnakangas teaches the IPSec connection being one or 
more security associations (SA) and the unique identity being one or more SPI values 
(See par. 4, lines 5-14). 

9. Regarding claim 9, Linnakangas teaches performing the matching in step d) 

by using a translation table stored at the intermediate computer (See par. 31 , lines 1-6; 
wherein the IP forwarder module is part of the intermediate computer). 

10. Regarding claim 10, Linnakangas teaches changing both the address and 
the SPI-value by the intermediate computer (See par. 24; wherein IPSec includes 
replacing addresses in accordance with the translation tables, and assigning a new SPI 
value to every received packet). 

1 1 . Regarding claim 22, Linnakangas teaches a telecommunication network for 
secure forwarding of messages, comprising: a first computer, a second computer and 
an intermediate computer, the first and the second computers having a secure 
connection therebetween via the intermediate computer, the first and the second 
computers having means for performing an IPSec processing, and the intermediate 
computer having translation tables to perform IPSec and IKE translation (See par. 24, 
lines 1-15; wherein local host 5 is the first computer, remote host 4 is the second 
computer, and router 2 is the intermediate computer). 
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12. Regarding claim 23, Linnakangas teaches the translation table for IPSec 
translation has IP addresses of the intermediate computer to be matched with IP 
addresses of the second computer (See par. 24, lines 4-6; wherein the router inherently 
has translation tables to perform IPSec). 

1 3. Regarding claim 24, Linnakangas teaches the translation tables for IKE 
translation consists of two partitions, one for the communication between the first 
computer and the intermediate computer and another for the communication between 
the intermediate computer and the second computer (See par. 24, lines 4-8; wherein 
the router (or intermediate computer) inherently includes at least two translation tables 
(or partitions), since one translation table is required for each IPSec connection, and 
there are at least two IPSec connections). 

14. Regarding claim 26, Linnakangas teaches another translation table for IKE 

translation containing fields for matching a given user to a given second computer (See 
par. 24, lines 8-1 1; wherein each remote host must establish a new secure connection, 
which includes a new translation table). 

1 5. Regarding claim 27, this claim recites a network for carrying out the method of 
claim 1 , and is rejected for the same reasons. 

Claim Rejections - 35 USC § 103 

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 
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(a) A patent may not be obtained though the invention is not identically disclosed or deschbed as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the phor art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

16. Claims 6, 1 1-14 & 20-21 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Linnakangas, as applied to claim 1 above, in view of Applicant's 
Admitted Prior Art (AAPA). 

17. Regarding claim 6, Linnakangas teaches the invention as described in claim 5. 
Linnakangas does not teach performing the automated key exchange protocol used for 
the preceding distribution of keys for forming the IP Sec connection by means of a 
modified IKE key exchange protocol between the first computer and the intermediate 
computer and by means of a standard IKE key exchange protocol between the 
intermediate computer and the second computer. However, AAPA teaches a 
modified IKE key exchange protocol between the first computer and the intermediate 
computer (See page 8, lines 27-29; wherein the key exchange is modified to support 
NAT traversal) and a standard IKE key exchange protocol between the intermediate 
computer and the second computer (See p. 8, lines 29-32). 

Using the features of AAPA in the system of Linnakangas would have added 
flexibility by allowing different networks to connect to the system. Therefore, it would 
have been obvious to one of ordinary skill in the art, at the time of the invention, to 
combine the teachings of AAPA and Linnakangas. 

18. Regarding claim 1 1 , Linnakangas teaches the invention as described in claim 1 . 
Linnakangas does not teach the first computer being a mobile terminal, so that the 
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mobility is enabled by modifying the translation table at the intermediate 
computer. However, AAPA teaches this limitation (See p. 7, lines 10-16). 

Using the features of AAPA in the system of Linnakangas would have broadened 
the appeal and applicability of the system by allowing mobile units to connect to the 
network. Therefore, It would have been obvious to one of ordinary skill in the art, at the 
time of the invention, to combine the teachings of AAPA and Linnakangas. 

19. Regarding claim 12, Linnakangas, in view of AAPA, teach the invention as 
described in claim 1 1 . Linnakangas further teaches performing the modification of the 
translation tables by sending a request for registration of the new address from the first 
computer to the intermediate computer (See p. 3, par.'s 46-51). 

20. Regarding claim 13, Linnakangas, in view of AAPA, teach the invention as 
described in claim 12. Linnakangas further teaches sending a reply to the request for 
registration from the intermediate computer to the first computer (See p. 3, par. 50). 

21 . Regarding claim 14, Linnakangas, in view of AAPA, teach the invention as 
described in claim 12. Linnakangas further teaches authenticating or encrypting by 
IPSec the request for registration and/or reply (See p. 3, par. 62). 

22. Regarding claim 20, Linnakangas teaches the invention as described in claim 1 . 
Linnakangas does not teach sending the secure message by using an IPSec transport 
mode. However, AAPA teaches this limitation (See p. 4, lines 14-19). 

Using the features of AAPA in the system of Linnakangas would have added 
improved security to the system. Therefore, it would have been obvious to one of 
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ordinary sl<ill in tlie art, at the time of the invention, to combine the teachings of AAPA 
and Linnakangas. 

23. Regarding claim 21 , Linnal<angas teaches the invention as described in claim 1 . 
Linnakangas does not teach sending the secure message by using an IPSec tunnel 
mode. However, AAPA teaches this limitation (See p. 4, lines 21-29). 

Using the features of AAPA in the system of Linnakangas would have added 
improved security and flexibility to the system. Therefore, it would have been obvious to 
one of ordinary skill in the art, at the time of the invention, to combine the teachings of 
AAPA and Linnakangas. 

24. Claims 15-19 & 25 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Linnakangas, as applied to claims 4 & 24 above, in view of U.S. Patent Number 

6,985,953 issued to Sandhu, et al. (Sandhu). 

25. Regarding claim 15, Linnakangas teaches the invention as described in claim 4. 
Linnakangas further teaches establishing the key distribution for the secure connections 
by establishing an IKE protocol translation table, and using the translation table to 
modify IP addresses of IKE packets in the intermediate computer (See par. 24, lines 4- 
6). Linnakangas does not teach using the translation table to modify cookie values of 
IKE packets in the intermediate computer. However, Sandhu teaches this limitation 
(See col. 7, line 55 to col. 8, line 19; wherein the KDC is the intermediate computer). 

Using the features of Sandhu in the system of Linnakangas would have added 
another layer of security within the secure connection. Therefore, it would have been 
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obvious to one of ordinary skill, at the time of the invention, to combine the teachings of 
Sandhu and Linnakangas. 

26. Regarding claim 16, Linnakangas in view of Sandhu teach the invention as 
described in claim 15. Linnakangas does not teach establishing the key exchange 
distribution by: generating an initiator cookie and sending a zero responder cookie to 
the second computer, generating a responder cookie in the second computer, and 
establishing a mapping between IKE cookie values in the intermediate computer. 
However, Sandhu teaches generating an initiator cookie and sending a zero responder 
cookie to the second computer (See col. 8, lines 41-47; wherein the Authenticator is the 
initiator cookie), generating a responder cookie in the second computer (See col. 8, 
lines 41-47; wherein Bob's response is the responder cookie), and establishing a 
mapping between IKE cookie values in the intermediate computer (See col. 8, lines 49- 
51 ; wherein a mapping is required for authentication). 

Using the features of Sandhu in the system of Linnakangas would have 
increased the number of security features available in the system. Therefore, it would 
have been obvious to one of ordinary skill in the art, at the time of the invention, to 
combine the teachings of Sandhu and Linnakangas. 

27. Regarding claim 17, Linnakangas in view of Sandhu teach the invention as is 
described in claim 15. Linnakangas further teaches modifying a IKE protocol between 
the first computer and the intermediate computer by transmitting the IKE keys from the 
first computer to the intermediate computer in order to decrypt and modify IKE packets 



Application/Control Number: 10/500,930 Page 1 1 

Art Unit: 2458 

(See par.'s 4 & 24; wherein the remote host 4 is an IPSec node that sends the IKE keys, 
and equates to applicant's first computer). 

28. Regarding claim 18, Linnakangas in view of Sandhu teach the invention as is 
described in claim 15. Linnakangas further teaches carrying out the modification of the 
IKE packets by the first computer with the intermediate computer requesting such 
modifications (See par.'s 41-45; wherein the IKE module is in the intermediate 
computer). 

29. Regarding claim 19, Linnakangas in view of Sandhu teach the invention as 
described in claim 1 7. Linnakangas further teaches defining the address so that the first 
computer is identified for the second computer by the intermediate computer by means 
of an IP address taken from a pool of user IP addresses when forming the translation 
table (See par.'s 56 & 57). 

30. Regarding claim 25, Linnakangas teaches the invention as described in claim 24. 
Linnakangas further teaches both partitions of the mapping table for IKE translation 
contains translation fields for a source IP address and a destination IP address between 
respective computers (See par. 24, lines 4-8; wherein source and destination addresses 
are inherent in IPSec). Linnakangas does not teach the mapping table for IKE 
translation contains translation fields for initiator and responder cookies between 
respective computers. However, Sandhu teaches a mapping table that contains 
translation fields for initiator and responder cookies between respective computers (See 
col. 8, lines 41-51 ; wherein the authenticator is the initiator cookie and Bob's response 
is the responder cookie). 
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Using the features of Sandhu in the system of Linnakangas would have provided 
increased security and insured that messages where transmitted to the correct 
destination. Therefore, it would have been obvious to one of ordinary skill in the art, at 
the time of the invention, to combine the teachings of Sandhu and Linnakangas. 

Conclusion 

THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time 
policy as set forth in 37 CFR 1 .136(a). 

A shortened statutory period for reply to this final action Is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action Is mailed, and any 
extension fee pursuant to 37 CFR 1 .136(a) will be calculated from the mailing date of 
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the mailing date of this final action. 

Any Inquiry concerning this communication or earlier communications from the 
examiner should be directed to Jeffrey Seto whose telephone number Is (571)270-7198. 
The examiner can normally be reached on Monday thru Thursday and alt. Fridays, 9:30 
AM-7 PM. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Joseph E. Avellino can be reached on (571 ) 272-3905. The fax phone 
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number for the organization where this application or proceeding is assigned is 571- 
273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 



JKS 

5/28/2009 

/Joseph E. Avellino/ 

Supervisory Patent Examiner, Art Unit 2458 



